DIREC project

Privacy in the Realm of Multilingual Programs: Security in Hybrid Apps

Project impact

A health app can display your breathing in real time. On the surface, everything seems simple, but beneath the hood, data flows back and forth in ways that many conventional security tools struggle to handle.

The same pattern is common across domains – from banking to defense apps. Hybrid architectures improve efficiency but simultaneously create insecure data flows exposing a wealth of sensitive information that hackers could potentially exploit. This project aims to develop an analysis tool that enables developers to detect and mitigate vulnerabilities in modern hybrid apps. 

The project is led by researchers from SDU and AU, while the company AiroFit, which developed the health product of the same name, is responsible for validating the results in the market. Together, they will design and test new technologies that can empower both developers and end users to prevent data leaks in apps.

PROJECT DATA

Project name

Privacy in the realm of Multilingual programs — Mitigating Information flow security issues in Mobile/Web Hybrid Applications

Project period
2025-2027
Funding
DKK 2.000.000

Scientific mission

The project explores how static code analysis can be combined with dynamic analysis to detect sensitive data flows, for example from Java to JavaScript.

The goal is to develop a multilingual analysis tool for hybrid apps that integrates static and dynamic methods. SDU will lead the work on native pre-analysis and dynamic analysis, while Aarhus University will focus on JavaScript analysis. The results will be consolidated into a framework tool capable of identifying vulnerabilities across the system.

Validation of the tool will be conducted by AiroFit within its own development processes. Developers will provide feedback on usability, performance, and integration challenges, and the analysis tool will be integrated into their daily workflow. Ultimately, the insights and methodologies developed are expected to enhance app security across a wide range of domains.

Project Participants

Anders Møller
Anders Møller – Professor – Aarhus University
Mikkel Baun Kjærgaard
Mikkel Baun Kjærgaard – Professor – University of Southern Denmark
Abhishek Tiwari
Abhishek Tiwari – Associate Professor – University of Southern Denmark
Devender Kumar
Devender Kumar – Assistant Professor – University of Southern Denmark
Mike Bennet
Mike Bennet – Scientific & Partnership Manager – Airofit

Partners

Aarhus University logoUniversity of Southern Denmark logoAirofit logo